﻿//AcademicPlanner - course registration planning web app.
//Copyright (C) 2009  Boubacar Diallo

//This program is free software; you can redistribute it and/or
//modify it under the terms of the GNU General Public License
//as published by the Free Software Foundation; either version 2
//of the License, or (at your option) any later version.

//This program is distributed in the hope that it will be useful,
//but WITHOUT ANY WARRANTY; without even the implied warranty of
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//GNU General Public License for more details.

//You should have received a copy of the GNU General Public License
//along with this program; if not, write to the Free Software
//Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.


using System;
using System.Collections.Generic;
using System.Linq;
using System.Data;
using System.Data.SqlClient;

namespace AcademicPlanner.Framework.Libraries.Auth
{
	/// <summary>
	/// Provides database based authentication service.
	/// </summary>
	/// <version>1.0</version>
	/// <since>1.0</since>
	public class DBBAuthenticator : IAuthenticator
	{
		private IDbConnection connection;

		private string tableUsersName = "users";


		/// <summary>
		/// Constructs a DBBAuthenticator with the given connection
		/// string to the database.
		/// </summary>
		/// <param name="pConnection">The connection string to the database.</param>
		/// <version>1.0</version>
		/// <since>1.0</since>
		public DBBAuthenticator(string pConnection)
		{
			connection = new SqlConnection(pConnection);
		}


		/// <summary>
		/// Authenticates a user with a password.
		/// This method simply checks that the user with
		/// the provided password exists in the database.
		/// </summary>
		/// <param name="pUser">The user's identifier.</param>
		/// <param name="pPassword">The user's password.</param>
		/// <returns>
		/// An <c>AuthenticationResult</c> detailing the result of the authentication request.
		/// </returns>
		/// <version>1.0</version>
		/// <since>1.0</since>
		public AuthenticationResult Authenticate(string pUser, string pPassword)
		{
			var rRes = new AuthenticationResult();
			var vAdatper = new SqlDataAdapter();
			var vSql = string.Format(
				"SELECT u.* " +
				"FROM {0} u " +
				"WHERE u.name = @userName " +
				"	AND u.password = @password " +
				"	AND u.active = 1",
				tableUsersName);
			var rSet = new DataSet();
			
			vAdatper.SelectCommand = (SqlCommand)connection.CreateCommand();
			vAdatper.SelectCommand.Parameters.AddWithValue("@userName", pUser);
			vAdatper.SelectCommand.Parameters.AddWithValue("@password", pPassword);
			vAdatper.SelectCommand.CommandText = vSql;
			vAdatper.Fill(rSet);
			vAdatper.Dispose();

			var vEnum = rSet.Tables[0].AsEnumerable();

			rRes.userIdentifier = pUser;
			if (vEnum.Count() > 0)
			rRes.authentic = true;

			return rRes;
		}

		AuthenticationResult IAuthenticator.Authenticate(string pUser)
		{
			throw new NotImplementedException();
		}

	}
}
